Easy To Use Patents Search & Patent Lawyer Directory

At Patents you can conduct a Patent Search, File a Patent Application, find a Patent Attorney, or search available technology through our Patent Exchange. Patents are available using simple keyword or date criteria. If you are looking to hire a patent attorney, you've come to the right place. Protect your idea and hire a patent lawyer.

A system and method for generating a digital certificate is provided
wherein a new digital record is received and is assigned a sequence
value. A first composite digital value is generated by applying a first
deterministic function to the digital records stored in a repository. The
sequence value and first composite digital value are included in a first
certificate. After the digital record is added to the repository, a
second composite digital value is generated by applying a second
deterministic function to the digital records in the repository. This
second composite digital value, and a composite sequence value, are
published. An interval digital value which is based upon the first and
second composite digital values, and the sequence value, are included in
a second certificate which thus verifies the authenticity and sequence
value of the digital record.

1. A method for generating a digital certificate, comprising the steps of:
providing for receiving a new digital record; providing for assigning a
sequence value to the new digital record; providing for generating a
first composite digital value by applying a first deterministic function
to at least a first subset of the digital records stored in a repository;
providing for generating a first digital certificate, wherein the first
digital certificate comprises at least the sequence value and the first
composite digital value; providing for adding the new digital record to
the repository; providing for generating a second composite digital value
by applying a second deterministic function to at least a second subset
of the digital records stored in the repository, wherein the second
subset includes the new digital record; providing for generating a
composite sequence value; providing for generating an interval digital
value, wherein the interval digital value is based upon the first and
second composite digital values; and, providing for generating a second
digital certificate, wherein the second digital certificate comprises at
least the sequence value and the interval digital value.

2. The method of claim 1, wherein the sequence value is representative of
the order in which the new digital record was received.

3. The method of claim 1, further comprising the step of: applying a
digital signature to the first digital certificate.

4. The method of claim 3, wherein the first digital certificate is
generated using an asymmetric cryptographic algorithm.

5. The method of claim 1, wherein the step of generating the first
composite digital value is performed by applying the first deterministic
function to all of the digital records stored in the repository.

6. The method of claim 1, wherein the first and second deterministic
functions are not the same functions.

7. The method of claim 1, wherein the first and second deterministic
functions are the same functions.

8. The method of claim 1, wherein the step of generating the second
composite digital value is performed by applying the second deterministic
function to all of the digital records stored in the repository.

9. The method of claim 1, wherein the first digital certificate further
comprises the new digital record.

10. The method of claim 1, wherein the second digital certificate further
comprises at least one of: the new digital record and the composite
sequence value.

11. The method of claim 1, wherein the repository of digital records
comprises a data structure based on a forest of binary hash trees.

12. The method of claim 1, further comprising the step of: transmitting
the second composite digital value to a public forum.

13. The method of claim 1, further comprising the step of: transmitting
the composite sequence value to a public forum.

14. The method of claim 1, wherein the step of generating the first
composite digital value is performed before the step of adding the new
digital record to the repository.

15. The method of claim 1, wherein the step of generating the first
composite digital value is performed before the step of generating the
second composite digital value.

16. A digital certificate comprising: a sequence value, wherein the
sequence value represents the number of digital records stored in a
repository of digital records at a particular time; and, an interval
digital value, wherein the interval digital value is a component of a
composite digital value generated by the application of a deterministic
function to at least a subset of the digital records stored in the
repository at a particular time.

17. The digital certificate of claim 16, wherein the deterministic
function is dependent upon the sequence value.

18. The digital certificate of claim 16, wherein the composite digital
value is generated by the application of the deterministic function to
all of the digital records stored in the repository.

19. The digital certificate of claim 16, further comprising at least a
portion of a digital record.

20. The digital certificate of claim 16, wherein the sequence value
represents the number of digital records stored in the repository when a
digital record was added to the repository.

21. The digital certificate of claim 16, wherein the digital certificate
further comprises a composite sequence value representing the number of
digital records stored in the repository at a particular time.

22. The digital certificate of claim 21, wherein the composite sequence
value is transmitted to a public forum.

23. The digital certificate of claim 16, wherein the repository of digital
records comprises a data structure based on a forest of binary hash
trees.

24. A method for evaluating a digital certificate comprising at least a
sequence value and a first composite digital value, comprising the steps
of: providing for generating a second composite digital value by applying
a deterministic function to at least a subset of the digital records
stored in a repository; providing for generating an interval digital
value, wherein the interval digital value is based upon the first and
second composite digital values; and, providing for determining from the
interval digital value whether the first composite digital value
accurately reflects at least a subset of the digital records in the
repository.

25. The method of claim 24, wherein the sequence value is representative
of the order in which a digital record was received.

26. The method of claim 24, wherein the digital certificate further
comprises a digital signature.

27. The method of claim 26, wherein the digital signature is generated
using an asymmetric cryptographic algorithm.

28. The method of claim 26, further comprising the step of: providing for
determining whether the digital signature is authentic.

29. The method of claim 24, wherein the first composite digital value is
generated by applying a second deterministic function to at least a
subset of the digital records stored in the repository.

30. The method of claim 29, wherein the first composite digital value is
generated by applying the second deterministic function to all of the
digital records stored in the repository.

31. The method of claim 24, wherein the second composite digital value is
generated by applying the deterministic function to all of the digital
records stored in the repository.

32. The method of claim 24, wherein the digital certificate further
comprises a digital record.

33. The method of claim 24, wherein the digital certificate further
comprises a digital timestamp.

34. The method of claim 24, wherein the repository comprises a data
structure based on a forest of binary hash trees.

35. The method of claim 24, further comprising the step of: providing for
generating a composite sequence value by applying a second deterministic
function to at least a subset of the digital records in the repository.

36. The method of claim 35, wherein the composite sequence value is
representative of the number of digital records in the repository when
the second composite digital value is generated.

37. A method for generating a plurality of digital certificates,
comprising the steps of: providing for receiving a new digital record;
providing for assigning a sequence value to the new digital record,
wherein the sequence value represents the order in which the new digital
record was received; providing for generating a first composite digital
value by applying a hash function to all of the digital records stored in
a repository, wherein the new digital record is not stored in the
repository; providing for generating a first digital certificate, wherein
the first digital certificate comprises the sequence value, the composite
digital value, and the digital record; providing for applying a digital
signature to the first digital certificate, wherein the digital signature
is applied using an asymmetric cryptographic algorithm; providing for
adding the new digital record to the repository; providing for generating
a second composite digital value by applying a second hash function to
all of the digital records stored in the repository, wherein the new
digital record is stored in the repository; providing for generating a
composite sequence value, wherein the composite sequence value is equal
to the number of digital records stored in the repository when the second
composite digital value is generated; providing for generating an
interval value, wherein the interval value is generated by the
application of a third hash function dependent upon the first and second
composite digital values; and, providing for generating a second digital
certificate, wherein the second digital certificate comprises at least
the sequence value, the new digital record, the composite sequence value,
the composite sequence number, and the interval digital value.

[0002] The present invention relates to the creation and renewal of
digital certificates. More particularly, the present invention relates to
a secure system and method for generating a digital certificate.

BACKGROUND OF THE INVENTION

[0003] Digital electronic records are increasingly used as proof of
events. Historically, seals, signatures, special papers, and other tools
were used to prove the authenticity of documents and other records.
Moreover, in addition to proving the authenticity of documents and
records, these and other tools have been used to prove that a document
was received or produced in a certain order. These methods of proving
authenticity and order are useful in a variety of fields, including
banking, negotiations, legal filing, and public administration. Today,
these services are typically offered by notaries, auditors, and the like.

[0004] Similar services of authentication and order verification are
required in the marketplace of digitized electronic content. In a variety
of fields of this marketplace, electronic service providers receive
digital records. For example, an electronic banking system receives a
digital record of a consumer purchase. These service providers record the
sequence in which records are received, and assign each record a
"sequence value." After the record has been received and registered by
the service provider, a digital certificate is typically issued to the
record-providing party. The need may later arise for either the service
provider or another party to verify the order in which particular records
were registered. To meet this need for verification, sequence values may
be bound to digital records in such a way as to later prove that the
sequence values reflect the order of registration in a correct and
authentic way.

[0005] Typically, this binding of sequence numbers to digital records is
accomplished by asymmetric cryptography or, as an alternative method, by
publishing. A verifiable binding is referred to as a an order
certificate. Without verifiable bindings, service providers could deny
the validity of anything that is presented as a certificate.

[0006] When asymmetric cryptography is used to make the verifiable
binding, the service provider typically signs a digital record
(containing a corresponding sequence value) with a digital signature or
encryption scheme, such as RSA. Public key cryptography is fast enough to
enable almost instantaneous certificate generation. However, there is an
inherent weakness in using asymmetric cryptography to create digital
signatures: Cryptographic signature keys may become compromised. Once a
key has become compromised, the certificates created with that key are no
longer verifiable. Since the likelihood that a key will become
compromised increases over time, certificates created by using keyed
cryptographic are useful only for a short term.

[0007] When publishing is used to make the verifiable binding, the service
provider typically publishes a digital record together with a sequence
value in a widely-witnessed manner, for example, in a newspaper. If the
service provider commits to certain rules regarding publication, then the
published content can be relied upon as having been certified by the
service provider. Since no cryptographic keys are used in the publication
method, the problem of key compromise is not a concern. However, the
publication method is inefficiently slow. Publication is realistic daily
or weekly, but instant certificate creation, though demanded by the
modern electronic market, is impossible.

[0008] To verify the authenticity of certificate for a long term, and to
do so efficiently, publishing-based bindings and/or multiple key
signatures can be used in combination. However, since this combination
approach has the disadvantages of both systems, certificates must be
regularly updated, creating additional expense to maintain the validity
of the bindings.

[0009] There is another fundamental problem related to concerns the
properties of the sequence values themselves, typically represented as
integers. To some extent, verifiable bindings between digital records and
integers can be viewed by verifying parties as proof that the records did
indeed receive these sequence values.

[0010] Often, however, the sequence numbers assigned to digital records do
not accurately reflect the real temporal order in which records were
received. Malicious service providers may assign sequence numbers to
records in any order they so desire. Thus, a need has arisen to detect
erroneous behavior of a service provider. The concept of numbering
records can be too abstract to reflect the registration process. For
example, an assertion that three records were registered before any one
particular record does not provide any information about how the records
were registered. One way to overcome this problem is to define the
sequence value of a particular record as the set of all records preceding
a particular record in the repository. Such "sequence values" represent
the order of registering, but since they also record the history of the
repository, they cannot be denied by the service provider. However, if
each sequence value reflects the entire history of the repository, the
values may become so large as to make their calculation and transmission
impractical.

[0011] One way to confirm the history of a service provider is to include
a cryptographic digest of all previously registered records in the
digital certificate issued to the record-providing party. For example, a
linear chain hash may be created by applying a cryptographic hash
function to a concatenation of a newly-received record and the record
received immediately prior to it. Such a method is disclosed in U.S. Pat.
No. 5,136,646 to Haber et al. Cryptographic digests which are included in
order certificates create causal, one-way relationships between the
confirmations and thus can be used to verify their order without fear of
erroneous behavior by the service provider, because any erroneous
confirmation is detectable by a verifier examining the one-way causal
hash chain. The sequence values created by such processes are shorter
because of the use of cryptographic hash functions. However, verifying
such values still requires a calculation of all records in the
repository, and thus can consume significant processing resources. This
process is further disadvantageous because it cannot be performed without
interaction with the service provider.

[0012] Currently, efficient verifiable bindings are created with
asymmetric cryptography. However, in a number of applications there is a
need for longer-term verifiable bindings that are desirably verifiable
without the use of cryptographic keys. Accordingly, a need has arisen for
a digital electronic record registration system with procedures that
enable clients to replace short-term, digitally-signed certificates (via
asymmetric cryptographic methods) with long-term certificate proofs which
are based on cryptographic digests and publishing methods.

[0013] The present invention is provided to solve these and other problems
summary of the invention.

SUMMARY OF THE INVENTION

[0014] A system and method for generating a digital certificate is
disclosed in which clients submit digital records to a registration
service provider. The records are recorded and clients receive a
digitally-signed certificate which verifies the registration (and
registration number) of the record. These digitally-signed certificates
can then be replaced by a certificate proof which is generated by
applying a cryptographic hash function to the repository of all records.

[0015] In one embodiment of the present invention, a system and method for
generating a digital certificate is disclosed in which a client submits a
digital record to a registration service provider. A composite digital
value is generated which represents at least a subset of the entire
history of previously received records, wherein the composite digital
value is generated by applying a deterministic algorithm to the elements
stored in a repository. A confirmation certificate is then generated and
transmitted to the client, wherein the certificate comprises at least the
digital record, a sequence number assigned to the record, and the
composite digital value. The certificate is signed digitally using an
asymmetric cryptographic scheme. Thereafter, the digital record, or a
representation thereof, is added to the repository.

[0016] In another embodiment of the present invention, a system and method
for publishing a cryptographic digest of a repository of digital records
is disclosed. A composite digital value which represents at least a
subset of the entire history of received records is generated, wherein
the composite digital value is generated by applying a deterministic
algorithm to the elements stored in the repository. A composite sequence
number is also generated and set equal to the current sequence number of
the repository. This composite digital value, and the composite sequence
number of the repository, are then published to the public.

[0017] In another embodiment of the present invention, a system and method
for creating a certificate proof for a digital record is disclosed in
which an interval digital value is generated for the record relative to a
published composite digital value. A certificate proof is then generated,
wherein the certificate proof includes at least the interval digital
value and the sequence number of the record, and may also include a
subset of the digital record itself, the composite digital value, and the
composite sequence number.

[0018] Other features and advantages of the invention will be apparent
from the following specification taken in conjunction with the following
drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] To understand the present invention, it will now be described by
way of example, with reference to the accompanying drawings in which:

[0020] FIG. 1 is the general flowchart of the system and method for
generating a digital certificate, illustrating in general the steps for
registering a digital record in a repository, cryptographically
publishing a digest of the repository, and generating a certificate proof
for the digital record.

[0021] FIG. 2 is a flowchart of a portion of the system and method for
generating a digital certificate, illustrating in detail the procedure
for registering a digital record in a repository and generating a digital
certificate verifying the registration of the record.

[0022] FIG. 3 is a flowchart of a portion of the system and method for
generating a digital certificate, illustrating in detail the procedure
for generating a certificate proof for a digital record.

[0023] FIG. 4 is a flowchart of one application of the system and method
for generating a digital certificate, illustrating the procedure for
using a certificate proof to verify the receipt and sequence number of a
digital record.

[0024] FIG. 5 is a flowchart of one application of the system and method
for generating a digital certificate, illustrating the procedure for
using certificate proofs to verify the receipt and sequence numbers of
more than one digital record.

[0025] FIG. 6 is a state transition diagram of the portion of the system
and method for generating a digital certificate, illustrating the states
and transitions therebetween for the generation of a first digital
certificate.

[0026] FIG. 7 is a state transition diagram of the portion of the system
and method for generating a digital certificate, illustrating the states
and transitions therebetween for the generation of a second digital
certificate and renewal of a first digital certificate.

[0027] FIG. 8 is an illustration of a data structure for use with the
system and method for generating a digital certificate, illustrating a
forest of binary hash trees.

[0028] FIG. 9 is an illustration of a data structure for use with the
system and method for generating a digital certificate, illustrating a
forest of hash binary hash trees represented as an indexed array.

[0029] FIG. 10 is an illustration of a data structure for use with the
system and method for generating a digital certificate, illustrating a
forest of binary trees arranged in a layered data structure.

[0030] FIG. 11 is an illustration of a table for use with the system and
method for generating a digital certificate, illustrating the workflow of
an algorithm for registering a digital record.

[0031] FIG. 12 is an illustration of a table for use with the system and
method for generating a digital certificate, illustrating the workflow of
an algorithm for generating a digital interval value.

[0032] FIG. 13 is an illustration of a table for use with the system and
method for generating a digital certificate, further illustrating the
workflow of an algorithm for generating a digital interval value.

DETAILED DESCRIPTION

[0033] While this invention is susceptible of embodiment in many different
forms, there are shown in the drawings and herein described in detail
preferred embodiments with the understanding that the present disclosure
is to be considered an exemplification of the principles of the invention
and is not intended to limit the broad aspect of the invention to the
embodiments illustrated.

[0034] Referring in detail to the drawings and initially to FIG. 1, there
is provided a system and method for generating a digital certificate. The
system and method, in abstract, comprises three primary functionalities.
The first primary functionality is the registration of a new digital
record. In step 101, the new digital record is created or received. A
digital record is a representation of a data item, and the data item can
represent any type of digital information. For example, the data item may
be an electronic document, order information, identification information,
or any other type of digitally-represented information. As a
representation of the data item, the digital record may comprise the data
item in its entirety, may comprise a portion of the data item, or may
comprise some other representation of the data item. In a preferred
embodiment, the new digital record is received in step 101. In another
preferred embodiment, the new digital record is created in step 101 based
on a received data item, and then stored in a repository of digital
records.

[0035] In step 102, a first deterministic function is applied to at least
a subset of the digital records stored in the repository, thereby
generating a first composite digital value. In a preferred embodiment,
the first deterministic function is applied to all of the digital records
stored in the repository, thus ensuring that the first composite digital
value is a representation of the entire history of the repository and
thereby reducing the possibility that the owner of the repository may
later tamper with the contents of the repository.

[0036] Also in step 102, a sequence number is assigned to the new digital
record. In a preferred embodiment, the sequence number represents the
order in which the new digital record is received. For example, if there
are ten digital records stored in the repository when the new digital
record is received, sequence number 11 will be assigned to the new
digital record. However, the sequence number can be any representation of
the time or order in which the new digital record is received.

[0037] In step 103, a first certificate is generated such that the
certificate verifies the receipt of the new digital record. The first
certificate comprises at least the sequence number assigned to the new
digital record, and the first composite digital value. In a preferred
embodiment, since the sequence number indicates the time at, or order in
which, the new digital record was received, and the first composite
digital value represents the history of the repository when the new
digital record was received, the first certificate therefore may be used
to verify the sequence number.

[0038] In step 104, additional information may optionally be added to the
first certificate. For example, in a preferred embodiment, the first
certificate additionally comprises the new digital record or a portion
thereof. This inclusion is useful in verifying that the contents of the
digital record were correctly received by the repository. In another
preferred embodiment, the additional information may be a timestamp
indicating the precise time at which the new digital record is received.

[0039] In step 105, a digital signature is applied to the first
certificate. The digital signature may be any type of signature such that
the signature authenticates the identity of the owner of the repository.
For example, the digital signature may be based on a private/public key
encryption scheme, such as RSA. In a preferred embodiment, the first
certificate is digitally signed using a private key of the owner of the
repository. Preferably, the first certificate is transmitted to the
creator or provider of the digital record.

[0040] In step 106, the new digital record or a representation thereof is
added to the repository. The step 106 of adding the new digital record to
the repository may be performed before or after the generation of the
first composite digital value in step 102. In a preferred embodiment, the
new digital record is added to the repository after the generation of the
first digital certificate in step 103, so as to reduce the wait time
required for the provider of the new digital record to receive the first
digital certificate. After the new digital record is added to the
repository in step 106, additional digital records may be created or
received; in other words, the system may return to step 101.

[0041] The second primary functionality of the system and method for
generating a digital certificate is the publication of information
pertaining to the repository. In step 107, a second composite digital
value is generated by applying a second deterministic function to at
least a subset of the digital records stored in the repository. Like the
first composite digital value, the second composite digital value
represents the history of the repository at a particular time. In a
preferred embodiment, the first and second deterministic functions are
not the same functions. Preferably, the second deterministic function is
applied to all of the digital records stored in the repository, and thus
the second composite digital value represents the entire history of the
repository, thereby reducing the threat that the owner of the repository
may tamper with the repository.

[0042] In step 108, a composite sequence number is generated, wherein the
sequence number corresponds to the order in which the second composite
digital value is generated. The composite sequence number thereby is an
indication of the temporal quality of the second composite digital value.
In step 108, the second composite digital value and the composite
sequence number are published, i.e., transmitted to a public forum. The
public forum may be any source of information that is available to the
general public. For example, the public forum may be a newspaper, a
magazine, an Internet website, or electronic mail.

[0043] The third primary functionality of the system and method for
generating a digital certificate is the creation of a second certificate
which proves the authenticity of the sequence number of the new digital
certificate. In step 109, a digital interval value is generated, wherein
the digital interval value is based upon the first and second composite
digital values. In a preferred embodiment, the digital interval value is
the result of the application of a third deterministic function applied
to the digital records stored in the repository between the receipt of
the new digital record and the generation of the second composite digital
value. Thus, the digital interval value can reflect the history of the
repository between the receipt of the new digital record and the
publication of the second composite digital value. However, the digital
interval value can also be the result of the application of a
deterministic function applied to all of the digital records stored in
the repository, and thereby reflect the entire history of the repository.

[0044] In step 110, a second certificate is generated, wherein the second
certificate includes at least the digital interval value and the sequence
number of the new digital record. Because the digital interval value
reflects the history of the repository since the new digital record was
added to the repository, or an earlier time, the digital interval value
can thus be used to verify the accuracy of the sequence number. The
digital interval value may also be used to renew, i.e., extend, the
authenticity of the new digital record. Since the generation of the
digital interval value is not based upon the use of encryption keys, the
security of the second digital certificate is not subject to encryption
key compromise.

[0045] Referring now to FIG. 2, there is provided in detail the steps of
the method for generating a digital certificate. In step 106, the new
digital record 200 is added to the repository 210. In step 205, a first
deterministic function is applied to at least a subset of the digital
records stored in the repository so as to produce a first composite
digital value 204. The step of adding the new digital record 200 to the
repository 106 may be performed either before or after the step of
applying the first deterministic function 205 to the repository 210. A
sequence number 202 is assigned to the new digital record 200, wherein
the sequence number represents the temporal value of the new digital
record 200, i.e. the order in which the new digital record 200 was
received.

[0046] In step 103, the first certificate 201 is generated. The first
certificate 201 includes at least the first composite digital value 204
and the sequence number 202 of the new digital certificate 200.
Additionally, the first certificate 201 may include the new digital
record 200 itself, and other additional data 207. In step 208, the first
certificate 201 is signed with a digital signature 209, wherein the
digital signature 209 is preferably based on a public key encryption
scheme.

[0047] In step 213, a second deterministic function is applied to the
digital records stored in the repository 210 to generate a second
composite digital value 212. A composite sequence number 217 is
generated, and is preferably set equal to the currently next-available
sequence number in the repository 210. In step 109, a digital interval
value 214 is generated, wherein the digital interval value 214 reflects
the temporal difference between the receipt of the new digital record 200
and the generation of the second composite digital value 212. Lastly, in
step 110, a second certificate 215 is generated, wherein the second
certificate 215 comprises at least the sequence number 202 of the new
digital record 200 and the digital interval value 212. Additionally, as
indicated in step 110, the second certificate 215 may comprise all or a
portion of the first certificate 201, and the composite sequence number
217.

[0048] Referring now to FIG. 3, there is provided in detail the steps of
verifying the second certificate 215. A first certificate 201 is received
from server 302 by a client 301, wherein the first certificate 201 was
preferably signed with a digital signature 209. Optionally, upon receipt
of the first certificate 201, a signature check procedure 308 is
performed to initially verify the authenticity of the first certificate
201. Preferably, the signature check procedure 308 consists of using a
key-based encryption scheme.

[0049] The first certificate 201 is received by a second client 303, and a
signature check procedure 308 is performed to verify the authenticity of
the first certificate 201. In a preferred embodiment, upon a
determination in step 308 that the digital signature 209 of the first
certificate 201 is invalid, the second client 303 will be unable to
confirm or validate the first certificate 201. Upon a finding that the
digital signature 209 of the first certificate 201 is valid, the first
certificate 201 is transmitted to a second server 304, at which the first
certificate is renewed, extended, and validated by application of the
method herein described for generating the second certificate 215. The
second certificate 215 is then transmitted to the second server 304. The
published second composite digital value 212 and composite sequence
number 217 are publicly available to the second client 303. Thus, based
on those values, the second certificate 215 and the first certificate
201, the second client 303 may verify the validity of the sequence number
202 via the verification process 307. Upon a determination that the first
certificate 201 and second certificate 215 are consistent, the second
client 303 is able to rely upon the authenticity of the sequence number
202 and digital record 200 provided by the first client 301.

[0050] Referring now to FIG. 4, there is provided in detail another
embodiment of the system and method for verifying a digital record 200. A
digital record 200 is transmitted from a client 402 to a verifying server
401. The second certificate 215 is received from an extension server 403,
where the process of generating the second certificate 215 has been
performed. The second composite digital value 212 and composite sequence
number 217, collectively referred to as the public values 212, are
published on public server 404, and are received by verifying server 401.
The second certificate 215, digital record 200, and public values 212 are
used in the verification process 405 herein described. Thus, the
verifying server 401 may rely upon the validity of the digital record 200
submitted by the client 402.

[0051] Referring now to FIG. 5, there is provided in detail an embodiment
of the system and method for registering digital records, wherein a
verifying server 501 may verify the order of sequence values 202 of
competing digital records 200 provided by first and second clients 502
and 504, respectively. A first client 502 transmits a first digital
record 503 to the verifying server 501, accompanied by the second
certificate 509 corresponding to the first digital record 503. A second
client 504 transmits a second digital record 510 to the verifying server
501, accompanied by the second certificate 511 corresponding to the
second digital record 510. Thus, the verifying server 501 may use the
system and method described herein to determine which of the competing
digital records 200 was registered earlier.

[0052] The public values 512, published on a public server 506, are
received by the verifying server 501. Using the verification process 507
described herein, the verifying server 501 may rely upon the first and
second digital records 200 and accompanying second certificates to
determine which of the digital records 200 are authentic. Morevoer, since
the sequence numbers 202 of the digital records 200 are reflected in the
second certificates 215, the verifying server 501 may also determine the
authentic order in which the digital records 200 were received.

[0053] Referring now to FIG. 6, a state transition diagram is provided
further illustrating the states and transitions therebetween for
registering a new digital record and generating a first digital
certificate. In step 603, the registration system is initialized. The
sequence value is set to zero, the repository is cleared of digital
records, and the composite digital values are cleared. In step 602, the
system waits to receive a digital record. When a digital record is
received, the first composite digital value is generated in step 604. In
step 605, a sequence value is assigned to the new digital record, and a
first digital certificate is generated according to the procedures
described herein. The first digital certificate is digitally signed.
Lastly, the new digital record is added to the repository. After
registration is complete in 605, the system returns to a state of waiting
602 to receive another new digital record.

[0054] Referring now to FIG. 7, a state transition diagram is provided
further illustrating the states and transitions therebetween for
extending the first digital certificate. The system begins in step 701,
and in step 703 the system is initialized. The second composite digital
value is generated by applying the second deterministic function to the
repository, and the composite sequence value is generated. The system
then proceeds to a state of waiting 702 for the receipt of a digital
certificate. If no digital certificate is received, the system may
intermittently return to step 703 to re-initialize and re-generate the
composite values. When a digital certificate is received, the interval
digital value is generated in step 704 according to the process herein
described. After the interval digital value is generated, the system
generates a second digital certificate in step 705. Lastly, the system
returns to a state of waiting 702 to receive another digital certificate.
In a preferred embodiment, since the generation of the second digital
certificate is dependent upon the contents of the first digital
certificate, the system may be used to renew or extend the authenticity
of the first digital certificate. The system may also be used to verify
the authenticity of the first digital certificate, and may also be used
to verify the authenticity of the digital record corresponding to the
first digital certificate.

[0055] Referring now to FIG. 8, a diagram is provided illustrating a data
structure for use with the system and method for generating a digital
certificate. In a preferred embodiment, the data structure is a forest of
binary hash trees wherein every parent vertex of a binary tree is a
cryptographic hash of the child vertices. The construction of the binary
hash tree is performed on the fly, based on the receipt of new digital
records. The new digital records are represented by hash values of a
predetermined size, and are stored as leaves 802 of the binary hash
trees. Because of the use of a binary tree data structure, the number of
digital records stored in the repository need not be known and the
topological parameters of the repository, for example, height and width,
need not be determined. FIG. 8 thus represents the forest of binary hash
trees data structure of the repository after six digital records have
been received.

[0056] The leaf vertices 802 of the forest are organized naturally. The
sequence number n of a leaf determines its position in the forest. If a
new data record x.sub.n is received, it is first stored as a leaf with
sequence value n and that tree is then updated. The updating process is
organized so as to provide that only the root vertices 801 of the forest
will participate in future generations of composite digital values. The
list of root vertices thus serves a state hash for use in the generation
of composite digital values. During the process of generating a composite
digital value, any vertex of the structure that can be computed is
computed and stored immediately. All leaves 802 are stored in their
computational order, preferably corresponding to the post-order traversal
of the tree. Since the root vertices 801 already represent the hash
values of the leaf vertices 802, the leaf vertices 802 need not be
considered in the generation of a composite digital value. Thus, the
forest of binary hash trees data structure provides for very fast
processing of the composite digital values.

[0057] Referring now to FIG. 9, a diagram is provided illustrating a data
structure for use with the system and method for generating a digital
certificate, wherein the forest of binary hash trees data structure is
further illustrated as an indexed array. The elements of an array
representing the forest are stored in their computational order. Stated
differently, the elements computed earlier in time have smaller indices
than the elements computed later. The process of building the forest data
structure preferably depends upon the use of a stack containing the root
hash values h.sub.1 . . . h.sub.s, with h.sub.s on the top of the stack.
If (x.sub.0 . . . x.sub.n-1) are the leaves of the forest, the number of
elements in the stack is equal to the number of bits set in the binary
representation of n. Each added leaf changes some values in the top of
the stack, and the number of values being changed is equal to the number
of rightmost 1-bits in the binary representation of n. For example, if
n=23 the nth addition changes three elements of the stack because
23=10111.sub.2.

[0058] Referring now to FIG. 10, a diagram is provided illustrating a data
structure for use with the system and method for generating a digital
certificate, wherein the data structure is further illustrated as a
layered forest of binary hash trees. It is preferable to organize the
binary tree in layers in order to efficiently calculate the digital
interval value. The nth layer 1001 is defined as a minimal subset of
vertices satisfying two assumptions. First, the layer satisfies the
assumption that for all n, the leaf x.sub.n belongs to the nth layer.
Second, the layer satisfies the assumption that if one of the child
vertices of a vertex v belongs to the nth layer and the other child
belongs to the (n-k)th layer (where k.epsilon.{0 . . . n}, then also the
vertex v belongs to the nth layer. FIG. 10 depicts an example of a binary
hash tree of six nodes organized in layers.

[0059] Referring now to FIG. 11, a table is provided illustrating the
workflow of an algorithm for use with the system and method for
generating a digital certificate. In a preferred embodiment, the
algorithm for registering a digital record, where n represents the
sequence number of the repository and x represents a new digital record,
is provided as:

[0060] Composite_value=[ ], Repository=[ ]

[0061] n:=0

[0062] repeat

[0063] Receive_Record (x)

[0064] Reply (n, Composite_value, x)

[0065] Append (Repository, x)

[0066] Update (Repository, Composite_value, n, x)

[0067] n:=n+1

[0068] Depicted in FIG. 11 is a workflow illustrating the application of
this algorithm with digital record inputs [x.sub.0, x.sub.1, x.sub.2,
x.sub.3, x.sub.4]. The function Update (Repository, Composite_value, n,
x) may further be defined as:

[0069] a:=n

[0070] while Odd (a) do

[0071] x:=Hash (Pop (Composite_value), x)

[0072] Append (Repository, x)

[0073] a:=a>>1

[0074] Push (Composite_value, x)

[0075] Referring now to FIG. 12, a table is provided illustrating the
workflow of an algorithm for use with the system and method for
generating a digital certificate. In a preferred embodiment, the
algorithm for generating an interval digital value, where n represents
the sequence number of the repository and N represents the composite
sequence value, is provided as:

[0076] head:=[ ], tail:=[ ],j:=.parallel.n.parallel..sub.1+1, b:=1

[0077] while f:=[(n.sym.b) or (b-1)].ltoreq.N do

[0078] if b&n=b

[0079] Append (head, Repository [2f-j+2])

[0080] j:=j-1

[0081] else

[0082] Append (tail, Repository [2f-j])

[0083] b:=b<<1

[0084] Depicted in FIG. 12 is a workflow illustrating the application of
this algorithm where n=4 and N=7. Depicted in FIG. 13 is a workflow
illustrating the application of this algorithm where n=3 and N=7.

[0085] It will be understood that the invention may be embodied in other
specific forms without departing from the spirit or central
characteristics thereof. The present embodiments, therefore, are to be
considered in all respects as illustrative and not restrictive, and the
invention is not to be limited to the details given herein.